CompTIA Security+ SYO 601 Chapter 13 Wireless and Mobile Security
Securing mobile devices also involves operating system and hardware security. The Security+ exam lists two specific technologies as examples of mobile device security capabilities. Which are they?
The first is microSD hardware security modules (HSMs). Like the hardware security modules we have talked about, a microSD HSM is a hardware key management and Public Key Infrastructure (PKI) tool in a very small form factor. In fact, HSMs like this are available as more than just microSD cards—they come in USB, SIM, and other forms as well. Like other HSMs, these devices provide services for key creation, backup and restore, and management, and support public key authentication and other cryptographic tools. Of course, the devices aren't useful on their own and require an app to use them. The second specific technology the exam considers is SEAndroid. SEAndroid is a version of Security Enhanced Linux for Android devices. SEAndroid provides the ability to enforce mandatory access control on Android devices. That means that Android processes of all types can be better compartmentalized, limiting exploits as well as helping to secure system services, system and application data, and logs. Like many security systems, any action that isn't explicitly allowed is denied—a default deny system. SEAndroid operates in an enforcement mode that logs any permission denials that occur in addition to enforcing them. SEAndroid allows a broad range of policies to be implemented on Android devices.
Limiting the use of external media and USB on-the-go (OTG) functionality that allows devices to act as hosts for USB external devices like cameras or storage can also help limit?
The potential for misuse of devices.
Modern enterprises rely on many types of wireless technologies by?
There are many wireless connectivity options for organizations and individuals. Devices may connect via cellular networks, which place the control of the network in the hands of cellular providers. Wi-Fi is widely used to connect devices to organizational networks at high speed, allowing ease of mobility while providing security using enterprise security protocols. NFC and RFID provide short-range, relatively low-bandwidth exchange of data and are used for payment, ID cards, and inventory tagging, among many other purposes. Infrared, although still in use in some areas, is less popular due to its line-of-sight requirements and limited bandwidth in many circumstances.
Each of these design models is simple to understand. A point-to-point network connects?
Two nodes, and transmissions between them can only be received by the endpoints.
Designing secure networks often starts with a basic understanding of the?
Type of network connectivity that you will be deploying or securing. The Security+ exam outline lists a range of wireless connection types.
Bluesnarfing is?
Unauthorized access to a Bluetooth device, typically aimed at gathering information like contact lists or other details the device contains. Unfortunately, there aren't many security steps that can be put in place for most Bluetooth devices. Many simply require pairing using an easily guessed code (often 0000), and then proceed to establish a long-term security key that is used to secure their communications. Unfortunately, that long-term key is used to generate session keys when combined with other public factors, thus making attacks against them possible.
As RFID-based tolling systems spread across the?
United States, security researchers looked into vulnerabilities in the technology. In 2008, in California, they discovered that the RFID tags used for the toll road system had not been locked after they were written, meaning that tags could be read and reprogrammed, changing the transponder ID. Since the RFID tag could be rewritten at a distance, this opened up a wide number of potential attacks. If this vulnerability was used for malicious purposes, it would have been possible for attackers to rewrite transponders, charge tolls to other vehicles, and otherwise wreak havoc on the toll system. This type of research emphasizes the need to understand the capabilities and implications of configuration choices used in any device deployment, and particularly with RFID tags.
Bluejacking simply sends?
Unsolicited messages to Bluetooth enabled devices.
BYOD places the control in the hands of the end?
User, since they select and manage their own device. In some BYOD models, the organization may use limited management capabilities such as the ability to remotely wipe email or specific applications, but BYOD's control and management model is heavily based on the user. This option provides far less security and oversight for the organization.
Mobile devices can be a challenge to manage, particularly due to operating system limitations, variability between hardware manufacturers, carrier settings, and operating system?
Versions. Many mobile devices are intended to be used by individuals and don't have the broad set of built-in controls that more business-oriented devices and software typically have. When you add in the wide variety of device deployment models, security practitioners face real challenges in an increasingly mobile device-focused environment.
Near-field communication (NFC) is used for?
Very short-range communication between devices. You've likely seen NFC used for payment terminals using Apple Pay, or Google Wallet with cell phones.
One key technology that can help make mobile device deployments more secure is the use of?
Virtual desktop infrastructure (VDI) to allow relatively low-security devices to access a secured, managed environment. Using VDI allows device users to connect to the remote environment, perform actions, and then return to normal use of their device. Containerization tools can also help split devices between work and personal-use environments, allowing a work container or a personal container to be run on a device without mixing data and access.
Wi-Fi networks rely on security and certification standards to help keep them secure. In fact, modern wireless devices can't even display the Wi-Fi trademark without being certified to a current standard like WPA2 or WPA3. WPA2, or Wi-Fi Protected Access 2, is a widely deployed and used standard that provides two major usage modes which are?
WPA-Personal, which uses a preshared key and thus is often called WPA-PSK. This allows clients to authenticate without an authentication server infrastructure. WPA-Enterprise, which relies on a RADIUS authentication server as part of an 802.1X implementation for authentication. Users can thus have unique credentials and be individually identified.
Although Wi-Fi security standard vulnerabilities aren't specifically included in the exam, there are a few that you should be aware of which are?
WPA2 pre-shared keys, which can be attacked if they are weak, and WPA passphrase hashes, which are generated using the SSID and its length. Rainbow tables exist for common SSIDs matched with frequently used passwords, meaning that common network names and weak passwords can be easily leveraged. WPA doesn't ensure that encrypted communications cannot be read by an attacker who acquires the pre-shared key. In other words, WPA2 doesn't implement perfect forward secrecy. Other attacks exist, including attacks on authentication via MS-CHAPv2, attacks on WPS (the quick single-button setup capability that many home Wi-Fi devices have built in), flaws in the WPA2 protocol's handling of handshakes for reestablishing dropped connections, and even flaws in the newest WPA3 protocol that result in the potential for successful downgrade attacks and handshake protocol issues.
Disassociation describes?
What happens when a device disconnects from an access point. Many wireless attacks work better if the target can be forced to disassociate from the access point that it is using when the attack starts. That will cause the system to attempt to reconnect, providing an attacker with a window of opportunity to set up a more powerful evil twin or to capture information as the system tries to reconnect.
WPA3, the replacement for WPA2, has been required to be supported in all?
Wi-Fi devices since the middle of 2018. WPA3 hasn't reached broad implementation in normal use due to the number of unsupported devices in many organizations, but as devices are replaced, WPA3 deployments will become more common. WPA3 improves on WPA2 in a number of ways depending on whether it is used in Personal or Enterprise mode.
Designing a Wi-Fi network for usability, performance, and security requires careful?
Wireless access point (WAP) placement as well as configuration. Tuning and placement are critical because wireless access points have a limited number of channels to operate within, and multiple wireless access points using the same channel within a range of each other can decrease the performance and overall usability of the network. At the same time, organizations typically don't want to extend signal to places where they don't intend their network to reach. That means your design may need to include AP placement options that limit how far wireless signal extends beyond your buildings or corporate premises.
Administrators may also want to control how devices use their?
Wireless connectivity. That can take the form of limiting which Wi-Fi networks devices can connect to, preventing them from forming or joining ad hoc wireless networks, and disabling tethering and the ability to become a wireless hotspot. Bluetooth and NFC controls can also help prevent the device from being used in ways that don't fit organizational security models, such as use as a payment method or access device.
The term Wi-Fi covers a range of wireless protocols that are used to provide?
Wireless networking. Wi-Fi primarily relies on the 2.4 GHz and 5 GHz radio bands and uses multiple channels within those bands to allow multiple networks to coexist. Wi-Fi signals can reach reasonably long ranges, although the frequencies Wi-Fi operates on are blocked or impeded by common obstacles like walls and trees. Despite those impediments, one of the most important security concerns with Wi-Fi networks is that they travel beyond the spaces that organizations own or control. The table below lists current and historical Wi-Fi standards, ranging from 802.11b, which was the first broadly deployed Wi-Fi standard, to 802.11ac, the most broadly deployed current standard. 802.11ax, or Wi-Fi 6, is steadily becoming more available, but organizations are likely to have a broad existing deployment of 802.11ac devices until they replace them as part of normal upgrades. In many environments, 802.11n, 802.11g, and even older standards may still be encountered.
Site survey tools test?
Wireless signal strength as you walk, allowing you to match location using GPS and physically marking your position on a floorplan map as you go. They then show where wireless signal is, how strong it is, and what channel or channels each access point or device is on in the form of a heat map. An example heat map shows a building. Note that access points have a high signal area that drops off and that the heat maps aren't perfect circles. The building's construction and interference from other devices can influence how the wireless signal behaves.
NFC is limited to about?
4 inches of range, meaning that it is not used to build networks of devices and instead is primarily used for low-bandwidth, device-to-device purposes. That doesn't mean that NFC can't be attacked, but it does mean that threats will typically be in close proximity to an NFC device. Intercepting NFC traffic, replay attacks, and spoofing attacks are all issues that NFC implementations need to account for. At the same time, NFC devices must ensure that they do not respond to queries except when desired, so that an attacker cannot simply bring a receiver into range and activate an NFC transaction or response.
Since Bluetooth is designed and implemented to be easy to discover, configure, and use, it can also be relatively easy to attack. Bluetooth does support encryption, but the encryption relies on?
A PIN used by both devices. Fixed PINs for devices like headsets reduce the security of their connection. Attacks against authentication, as well as the negotiated encryption keys, mean that Bluetooth may be susceptible to eavesdropping as well as other attacks.
Global Positioning System (GPS), unlike the other technologies, is not used to create a network where devices transmit. Instead, it uses?
A constellation of satellites that send out GPS signals, which are received by a compatible GPS receiver. While the U.S. GPS system is most frequently referred to, other systems, including the Russian GLONASS system and smaller regional systems, also exist.
Evil twins aren't the only type of undesirable access points that you may find on your network. Rogue access points are?
APs added to your network either intentionally or unintentionally. Once they are connected to your network, they can offer a point of entry to attackers or unwanted users. Since many devices have built-in wireless connectivity and may show up as an accessible network, it is important to monitor your network and facilities for rogue access points.
Most modern enterprise wireless controller systems have built-in functionality that allows them to detect new?
Access points in areas where they are deployed. In addition, wireless intrusion detection systems or features can continuously scan for unknown access points and then determine if they are connected to your network by combining wireless networking testing with wired network logs and traffic information. This helps separate out devices like mobile phones set up as hotspots and devices that may advertise a setup Wi-Fi network from devices that are plugged into your network and that may thus create a real threat.
RFID may be deployed in either?
Active tags, which have their own power source and always send signals to be read by a reader; semi-active tags, which have a battery to power their circuits but are activated by the reader; or passive tags, which are entirely powered by the reader.
GPS navigation can help position devices to within a foot of their?
Actual position, allowing highly accurate placement for geofencing and other GPS uses. GPS also provides a consistent time signal, meaning that GPS receivers may be integrated into network systems.
Wi-Fi devices are most commonly deployed in either?
Ad hoc mode, which allows devices to talk to each other directly, or in infrastructure mode, which sends traffic through a base station, or access point. Wi-Fi networks use service set identifiers (SSIDs) to identify their network name. SSIDs can be broadcast or kept private.
CCMP uses?
Advanced Encryption Standard (AES) encryption to provide confidentiality, delivering much stronger encryption than WEP, the Wired Equivalent Privacy protocol used previously. In addition to confidentiality, CCMP provides authentication for the user and access control capabilities. You'll note that user authentication is provided but not network authentication—that is an important addition in WPA3.
More advanced WLAN controllers and access points may also have?
Advanced security features such as threat intelligence, intrusion prevention, or other capabilities integrated into them. Depending on your network architecture and security design, you may want to leverage these capabilities, or you may choose to disable them because your network infrastructure implements those capabilities in another location or with another tool, or because they do not match the needs of the network where you have them deployed.
5G requires a much greater?
Antenna density but also provides greater bandwidth and throughput. Whereas cellular providers and organizations that wanted cellular connectivity tended to place towers where coverage was needed for 4G, 5G networks will require much more attention to antenna deployment, which means that organizations may need to design around 5G antenna placement as part of their building and facility design efforts over time.
Regardless of the type of tool you choose, there are a number of features your organization may use to ensure that your mobile devices and the data they contain are secure. Although the following list isn't a complete list of every feature available in MDM, UEM, and MAM tools, you need to know about each of them, and why you might want to have it, to be ready for the exam. Which features are they?
Application management features are important to allow enterprise control of applications. These features may include deploying specific applications to all devices; limiting which applications can be installed; remotely adding, removing, or changing applications and settings for them; or monitoring application usage. Content management (sometimes called MCM, or mobile content management) ensures secure access and control of organizational files, including documents and media on mobile devices. A major concern for mobile device deployments is the combination of organizational data and personal data on BYOD and shared-use devices. Content management features lock away business data in a controlled space and then help manage access to that data. In many cases, this requires use of the MDM's application on the mobile device to access and use the data. Remote-wipe capabilities are used when a device is lost or stolen, or when the owner is no longer employed by the organization. It is important to understand the difference between a full device wipe and wiping tools that can wipe only the organizational data and applications that have been deployed to the device. In environments where individuals own the devices, remote wipe with a confirmation process that lets you know when it has succeeded is a big part of helping protect organizational data. Geolocation and geofencing capabilities allow you to use the location of the phone to make decisions about its operation. Some organizations may only allow corporate tablets to be used inside corporate facilities to reduce the likelihood of theft or data access outside their buildings. Other organizations may want devices to wipe themselves if they leave a known area. Geolocation can also help locate lost devices, in addition to the many uses for geolocation that we rely on in our daily lives with mapping and similar tools.
Screen locks, passwords, and PINs are all part of normal device security models to prevent unauthorized access. Screen lock time settings are one of the most frequently set security options for basic mobile device security. Much like desktops and laptops, mobile device management tools also set things like password length, complexity, and how often passwords or PINs must be changed. Biometrics are widely available on modern devices, with fingerprints and facial recognition the most broadly adopted and deployed. Biometrics can be integrated into mobile device management capabilities so that you can deploy biometric authentication for users to specific devices and leverage biometric factors for additional security or ease of use. Context-aware authentication goes beyond PINs, passwords, and biometrics to better reflect user behavior. Context may include things like location, hours of use, and a wide range of other behavioral elements that can determine whether a user should be able to log in. Containerization is an increasingly common solution to handling separation of work and personal-use contexts on devices. Using a secure container to run applications, store data, and otherwise keep the use of a device separate greatly reduces the risk of cross-contamination and exposure. In many MDM models, applications use wrappers to run them, helping keep them separate and secure. In others, a complete containerization environment is run as needed. Storage segmentation can be used to keep personal and business data separate as well. This may be separate volumes or even separate encrypted volumes that require specific applications, wrappers, or containers to access them. In fact, storage segmentation and containerization or wrapper technology are often combined to better implement application separation. Full-device encryption (FDE) remains the best way to ensure that stolen or lost devices don't result in a data breach.
When combined with remote-wipe capabilities and strong authentication requirements, FDE can provide the greatest chance of a device resisting data theft. Push notifications may seem like an odd inclusion here, but sending messages to devices can be useful in a number of scenarios. You may need to alert a user to an issue or ask them to perform an action. Or you may want to communicate with someone who found a lost device or tell a thief that the device is being tracked! Thus, having the ability to send messages from a central location can be a useful tool in an MDM or UEM system.
A third class of tools known as mobile application management (MAM) tools focuses specifically on the?
Applications that are deployed on mobile devices. Common features include application delivery, configuration, update, and version management; performance monitoring and analytics; logging and data gathering; as well as various controls related to users and authentication. Although MAM products are in use in some organizations, they are becoming less common as more full-featured MDM and UEM tools take over the market to provide more control of mobile devices.
One of the first things you need to consider when designing a secure network is how it could be?
Attacked. Attackers may pose as legitimate wireless networks, add their own wireless devices to your network, interfere with the network, use protocol flaws or attacks, or take other steps to attack your network.
Many access points will automatically select the?
Best channel when they are deployed. Wireless network management software can monitor for interference and overlap problems and adjust your network using the same capabilities that it uses to determine if there are new rogue access points or unexpected wireless devices in its coverage area. These more advanced enterprise Wi-Fi controllers and management tools can also adjust broadcast power to avoid interference or even to overpower an unwanted device.
You need to be familiar with two types of Bluetooth attacks for the Security+ exam. Which are they?
Bluejacking and bluesnarfing.
Cryptographic authentication protocols provide wireless security by?
Both WPA2 and WPA3 are used in modern Wi-Fi networks. These protocols provide for both simple authentication methods, like WPA2's preshared key mode, and for enterprise authentication models that rely on RADIUS servers to provide user login with organizational credentials. Devices are frequently configured to use a variant of the Extensible Authentication Protocol (EAP) that supports the security needs of the organization and that is supported by deployed wireless devices.
Summary for Chapter 13 (review this).
Building a secure network starts with an understanding of the wireless connectivity options that organizations may choose to deploy. Although Wi-Fi, cellular, and Bluetooth are found almost everywhere, other technologies like RFID, infrared, and NFC are also built into devices and systems. These technologies can be built into point-to-point or point-to-multipoint networks, and knowing which technologies are in play and how they connect devices is the first part of designing your network. Once you know what type of wireless technology you need to secure, you must understand the common attacks against wireless technologies and protocols as well as specific attacks commonly aimed at networks. Rogue access points, evil twins, and disassociation attacks are methods used to attack Wi-Fi networks, and bluesnarfing and bluejacking target Bluetooth. Jamming, or flooding networks so that traffic cannot make it through, can be conducted against most radio frequency and even infrared networks. With technologies and attacks in mind, network design is conducted, including using site surveys to understand the environment that the network will be deployed into. Heatmaps show signal propagation and can help with device placement. How you will protect your controllers and access points also comes into play, with concerns ranging from patching and maintenance to secure remote access via protected channels or networks. Once a network is designed, security and authentication options are the next layer in your design. WPA2 and WPA3 provide encryption capabilities and deployment models that allow users to use preshared keys (WPA2-PSK) or unique passwords, as well as enterprise models that connect to RADIUS servers to allow the use of organizational credentials. EAP and its many variants allow choices based on what your hardware supports and what specific authentication choices you need to make. Finally, mobile devices must be secured.
Deployment models range from BYOD processes that let users bring their own devices to entirely corporate-owned models that deploy locked-down devices for specific purposes into your end users' hands. Devices also need to be managed, which is where tools for mobile device management come into play. They provide a broad range of features that you need to be aware of as a security professional.
The final item listed in the Security+ outline for enforcement and monitoring is?
Carrier unlocking. Carrier unlocking allows phones to be used with other cellular providers. Monitoring the carrier unlock status of a device is not a common MDM capability and is typically handled at the carrier level.
Cellular connectivity is normally provided by a?
Cellular carrier rather than an organization, unlike Wi-Fi or other technologies that companies may choose to implement for themselves. That means that the cellular network is secure, managed, and controlled outside of your organization, and that traffic sent via cellular connection goes through a third-party network. Cellular data therefore needs to be treated as you would an external network connection, rather than your own corporate network.
Wireless networks are found throughout our organizations, from enterprise networks that authenticate users and that are managed and monitored using powerful tools, to simple wireless routers used in homes and small businesses to provide connectivity to residents, customers, or guests. Wi-Fi is everywhere. Wi-Fi networks aren't the only type of network that you will encounter; Bluetooth, cellular, Zigbee, and other types of connectivity are also found in organizations. Unlike wired networks, wireless networks don't stop outside the walls of your organization, making wireless network security a very different?
Challenge to secure. The fact that many devices have the ability to create ad hoc wireless networks, or bridge their wired or wireless network connections, means that devices throughout your organization may also end up being paths to the network or to the device itself for malicious actors.
Figuring out what access points and other devices are already in place, and what networks may already be accessible in a building or space that you intend to deploy a wireless network into, can be a?
Challenge. Fortunately, Wi-Fi analyzer software is used to gather all the data you need to survey and plan networks, create heatmaps, identify the best channel mapping to use in 2D or 3D models, conduct speed tests, and gather wireless client information, among other tasks. Although each analyzer tool may have different functionality and features, they are a critical part of the toolkit that network engineers and security professionals use to assess wireless networks.
MDM and UEM tools also provide a rich set of controls for user behaviors. They can also enable?
Closed or managed third-party application stores, or limit what your users can download and use from the application stores that are native to the operating system or device you have deployed. They can also monitor for firmware updates and versions, including whether firmware over-the-air (OTA) updates have been applied, to ensure that patching occurs. Of course, users may try to get around those controls by rooting their devices, or jailbreaking them, so that they can sideload (manually install from a microSD card or via a USB cable) programs or even a custom firmware on the device. MDM and UEM tools will detect these activities by checking for known good firmware and software, and they can apply allow or block lists to the applications that the devices have installed. Controlling which services and device capabilities can be used, and even where they can be used, is also a feature that many organizations rely on. Limiting or prohibiting use of cameras and microphones as well as SMS, MMS, and rich communication services (RCS) messages can help prevent data leakage from secure areas.
In a COPE model, the device is?
Company-owned and managed. COPE recognizes that users are unlikely to want to carry two phones and thus allows reasonable personal use on corporate devices. This model allows the organization to control the device more fully while still allowing personal use.
WPA2 introduced the use of the?
Counter Mode Cipher Block Chaining Message Authentication Code Protocol (CCMP).
The Security+ exam doesn't cover WIMAX, a microwave-based wireless technology that is used for connectivity much like?
DSL or cable in areas where wireless options are desirable. Point-to-point and point-to-multipoint wireless technologies beyond those listed earlier are outside the scope of the exam, but you may encounter them in your job. If you do, you'll need to consider what makes those services or protocols different from those that you're used to, and plan security based on their specific needs. In the meantime, you'll continue to encounter cellular (LTE and 5G) and Wi-Fi networks far more often than WiMAX or other technologies.
The best way for attackers to force a system to disassociate is typically to send a?
Deauthentication frame, a specific wireless protocol element that can be sent to the access point by spoofing the victim's wireless MAC address. When the AP receives it, it will disassociate the device, requiring it to reconnect to continue. Since management frames for networks that are using WPA2 are often not encrypted, this type of attack is relatively easy to conduct. WPA3, however, requires protected management frames and will prevent this type of deauthentication attack from working.
Managing mobile devices relies on both deployment methods and administrative tools by?
Deployment methods include bring your own device; choose your own device; corporate-owned, personally enabled; and corporate-owned. The risks and rewards for each method need to be assessed as organizations choose which model to deploy their devices in. Once that decision is made, tools like mobile device management or unified endpoint management tools can be used to configure, secure, manage, and control the devices in a wide range of ways, from deploying applications to securely wiping devices if they are lost or stolen. You need to understand the capabilities and limitations of MDM and UEM products as well as the devices and operating systems that they can manage.
Attackers who want to conduct evil twin attacks, or who want systems to disconnect from a wireless network for any reason, have two primary options to help with that goal. Which are they?
Disassociation attacks and jamming.
Fortunately Wi-Fi protocols like WPA2 and WPA3 provide security features and functionality to help keep wireless signals secure. Those features include?
Encryption options, protections for network frames, and authentication options.
Perfect forward secrecy uses a process that changes the encryption keys on an ongoing basis so that a single exposed key won't result in the?
Entire communication being exposed. Systems using perfect forward secrecy can refresh the keys they are using throughout a session, either at set intervals or every time a message is sent, and discard the old keys so that a key captured later cannot be turned back into the earlier ones.
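The property is easiest to see with a one-way key ratchet. What follows is an added example, not code from the book or from any Wi-Fi standard: the message keys are derived from a chain key with HMAC-SHA256, the chain key is advanced with a one-way function after every message and the old value is discarded, and the "attacker" is given the chain key as it stood just before the third message. The labels, the session secret and the three messages are constructed for the example, and the SHA-256 counter keystream stands in for a real cipher. The same idea applies to the per-session keys WPA3-Personal derives (the exam's perfect forward secrecy point on the WPA3 card later in this set); a real implementation negotiates fresh ephemeral Diffie-Hellman keys rather than ratcheting a hash, but the observable effect is identical.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes) -> bytes:
    """One-way derivation (HMAC-SHA256): from the output you cannot get the key back."""
    return hmac.new(key, label, hashlib.sha256).digest()

def keystream(message_key: bytes, length: int) -> bytes:
    """Expand a message key into a keystream (SHA-256 in counter mode; demo only)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(message_key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Ratchet:
    """Forward-secret sender. Each message gets a fresh key derived from the
    chain key; the chain key is then replaced by prf(chain, 'advance') and the
    old one is dropped. Knowing the chain key at step n yields the keys for
    messages n, n+1, ... but never for any earlier message."""
    def __init__(self, chain_key: bytes):
        self.chain = chain_key

    def next_message_key(self) -> bytes:
        mk = prf(self.chain, b"message")
        self.chain = prf(self.chain, b"advance")   # previous chain key is now unrecoverable
        return mk

def encrypt_session(root_secret: bytes, messages, leak_after: int):
    """Encrypt messages with a ratchet and simulate the attacker capturing the
    chain key once `leak_after` messages have already been sent."""
    r = Ratchet(prf(root_secret, b"chain-0"))
    cts, leaked = [], None
    for i, m in enumerate(messages):
        if i == leak_after:
            leaked = r.chain
        cts.append(xor(m, keystream(r.next_message_key(), len(m))))
    return cts, leaked

def attacker_decrypt(leaked_chain: bytes, ciphertexts, start_index: int):
    """Replay the ratchet from the leaked state; only messages from
    start_index onward decrypt. Returns {index: plaintext}."""
    r = Ratchet(leaked_chain)
    return {i: xor(ciphertexts[i], keystream(r.next_message_key(), len(ciphertexts[i])))
            for i in range(start_index, len(ciphertexts))}

def demo():
    root = b"constructed-session-secret"          # stands in for the negotiated session secret
    msgs = [b"first message", b"second message", b"third message"]
    cts, leaked = encrypt_session(root, msgs, leak_after=2)
    recovered = attacker_decrypt(leaked, cts, start_index=2)
    # Applying the leaked state to earlier traffic produces garbage, not "first message".
    guess = xor(cts[0], keystream(prf(leaked, b"message"), len(cts[0])))
    # Contrast: one static key for the whole session falls all at once.
    static_key = prf(root, b"static")
    static_cts = [xor(m, keystream(static_key, len(m))) for m in msgs]
    all_exposed = [xor(c, keystream(static_key, len(c))) for c in static_cts]
    return {"recovered_after_leak": recovered, "earlier_message_guess": guess,
            "static_all_exposed": all_exposed}

if __name__ == "__main__":
    print(demo())
```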
A fully corporate owned and managed device is the most controlled?
Environment and frequently more closely resembles a corporate PC with a complete control and management suite. This is the least user-friendly of the options, since a corporate-chosen and managed device will meet corporate needs but frequently lacks the flexibility of one of the more end-user-centric designs. Although these are common descriptions, real-world implementations vary significantly, and the lines between each of these solutions can be blurry. Rather than hard-and-fast rules, these are example starting places for organizational mobile device deployment models, and they can help drive discussions of security, management, and operational practices. The best way to look at these practices in real-world use is as part of a spectrum based on organizational needs, capabilities, and actual usage.
Common attacks against wireless networks exploit vulnerabilities in protocols and human behavior by?
Evil twins pretend to be legitimate networks, and rogue access points are devices connected inside your network that allow attackers to bypass your security perimeter. Bluejacking sends unsolicited messages to Bluetooth devices, whereas bluesnarfing focuses on stealing contacts and other data. Protocol attacks against Wi-Fi can force disassociation, causing systems to reconnect and permitting an attacker to capture useful data (such as the WPA2 handshake) or to deceive the user or system into connecting to an evil twin. Jamming attacks flood the spectrum with noise or unwanted signals, causing outages or disconnections.
When organizations want to work together, RADIUS servers can be?
Federated to allow individuals from other organizations to authenticate to remote networks using their home organization's accounts and credentials. Federating RADIUS servers like this requires trust to be established between the RADIUS servers as part of the federation. Many higher education institutions provide a federated authentication service for wireless called eduroam, which allows students, faculty, and staff from any eduroam institution to authenticate to and use the networks at other eduroam-supporting organizations. Of course, RADIUS servers can also be federated within a single organization if there are multiple RADIUS domains.
When organizations use mobile devices, one important design decision is the deployment and management model that will be selected. The most common options are BYOD, or bring your own device; CYOD, or choose your own device; COPE, or corporate-owned, personally enabled; and fully corporate owned. Each of these options boils down to a few common questions which are?
First, who owns, chooses, and pays for the device and its connectivity plans. Second, how is the device managed and supported. Third, how are data and applications managed, secured, and protected?
MDM and UEM tools also typically allow administrators to control?
GPS tagging for photos and other documents that may embed GPS data about where they were taken or created. Controlling location data can be a useful privacy control, or location data may be required by the organization as part of its documentation processes.
Wireless controllers can be deployed as?
Hardware devices, as a cloud service, or as a virtual machine or software package. Not all organizations will deploy a wireless controller; small and even mid-sized organizations may choose to deploy standalone access points to provide wireless network access. In both scenarios, properly securing controllers and access points is an important part of wireless network security. Much like other network devices, both controllers and APs need to be configured to be secure by changing default settings, disabling insecure protocols and services, setting strong passwords, protecting their administrative interfaces by placing them on isolated VLANs or management networks, and ensuring that they are regularly patched and updated. In addition, monitoring and logging should be turned on and tuned so that important information and events are logged both on the wireless controller or access point and to central management software or systems.
Significant portions of the networks in most organizations are now wireless and wireless networks have a number of security challenges that wired networks do not?
Have. They broadcast their signal, and they are frequently accessible from outside of spaces that organizations own and manage. Cellular and point-to-point commercial wireless networks aren't even in the control of customers at all, which means that the traffic they carry may need to be treated as if it is traversing a potentially hostile network path.
Securing underlying wireless infrastructure requires strong network device administration and security practices by?
In addition to protocols like these, the controllers and access points themselves must be protected. Like other network devices, controllers and APs need to be regularly patched and updated, and must be configured securely. They also must have protected administrative interfaces and should be configured to log and report on the network, their own status, and security issues or potential problems.
Since IR traffic can be captured by anything with a line of sight to it, it can be captured if a device is?
In the area with line of sight. Of course, this also means that, unlike Wi-Fi and Bluetooth traffic, devices outside the line of sight of the transmitting device typically won't be able to capture IR traffic.
A final type of attack against Wi-Fi networks is an?
Initialization vector (IV) attack. The original implementation of wireless security was WEP (Wired Equivalent Privacy). WEP used a 24-bit initialization vector, sent in the clear and prepended to the shared key to form each packet's RC4 key; with only about 16.7 million possible values, IVs repeat after a few thousand frames on a busy network. Once enough traffic was captured and analyzed, the RC4 keystream for a given IV could be derived (and, with enough weak IVs, the key itself), and all traffic sent on the network could be decrypted. Fortunately, IV attacks are no longer a concern for modern networks. Neither WPA2 nor WPA3 uses weak initialization vectors like this, making the IV attack historical knowledge.
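Why a 24-bit IV is fatal for a stream cipher is worth seeing concretely. This is an added example, not code from the book or from any WEP implementation: it uses a textbook RC4, a simplified WEP framing (IV prepended in the clear to the RC4 key, no CRC-32 ICV and no key-index byte), a constructed 40-bit key, and two constructed frames that happen to share an IV. Because both frames were encrypted with the same keystream, XORing one ciphertext with its known plaintext yields the keystream, which then strips the other frame, with no knowledge of the secret at all. The birthday-bound function shows how quickly an IV repeat is expected.

```python
import math

def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4 (KSA + PRGA). Demonstration only; RC4 is broken and must not be used."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):                    # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Simplified WEP: per-packet RC4 key = IV || secret, IV transmitted in the clear.
    Real WEP also appends a CRC-32 ICV and a key-index byte, omitted here."""
    if len(iv) != 3:
        raise ValueError("WEP IVs are 24 bits")
    return iv + xor(plaintext, rc4_keystream(iv + secret, len(plaintext)))

def recover_from_iv_reuse(frame_a: bytes, known_plaintext_a: bytes, frame_b: bytes) -> bytes:
    """Two frames with the same IV share a keystream: keystream = C_a ^ P_a,
    so P_b = C_b ^ keystream. The WEP secret is never needed."""
    if frame_a[:3] != frame_b[:3]:
        raise ValueError("IVs differ; the keystreams are independent")
    keystream = xor(frame_a[3:], known_plaintext_a)
    return xor(frame_b[3:], keystream)

def iv_collision_probability(frames_sent: int, iv_bits: int = 24) -> float:
    """Birthday bound: probability that at least one IV repeats among n random IVs."""
    space = 2 ** iv_bits
    return 1.0 - math.exp(-frames_sent * (frames_sent - 1) / (2.0 * space))

def demo() -> bytes:
    secret = bytes.fromhex("0123456789")       # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")               # the IV the sender happened to reuse
    known = b"GET /index.html "                # predictable protocol text (known plaintext)
    target = b"password=hunter2"               # constructed secret the attacker wants
    frame_known = wep_encrypt(secret, iv, known)
    frame_target = wep_encrypt(secret, iv, target)
    return recover_from_iv_reuse(frame_known, known, frame_target)

if __name__ == "__main__":
    print(demo())
    print(f"P(IV repeat after 5000 frames) = {iv_collision_probability(5000):.2f}")
```

With a random 24-bit IV the chance of a repeat passes 50 percent at roughly 5,000 frames, which a busy access point sends in seconds; sequential IVs wrap after 16.7 million frames and restart from zero on reboot, so reuse is guaranteed either way. WPA2's CCMP uses a 48-bit packet number that is never reused for a given key, and the 802.11 standard forbids key reuse after the counter is exhausted, which is why the attack does not carry over.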
Another means of attacking radio frequency networks like Wi-Fi and Bluetooth is to?
Jam them. Jamming blocks all traffic in the range or frequency it is conducted against. Since jamming is essentially wireless interference, it may not always be intentional; in fact, running into devices that send out signals in the same frequency range as Wi-Fi devices isn't uncommon.
Like other radio frequency—based systems, GPS signals can be?
Jammed or spoofed, although attacks against GPS are uncommon in normal use. GPS jamming is illegal in the United States, but claims have been made that GPS spoofing has been used to target military drones, causing them to crash, and real-world proof-of-concept efforts have been demonstrated.
Wi-Fi Deauthers are often incorrectly called?
Jammers. A deauther sends deauthentication frames, whereas a jammer transmits a powerful signal to drown out legitimate traffic. Jammers are generally prohibited in the United States by FCC regulations, whereas deauthers are not, since they operate within typical wireless power and protocol norms.
RFID tags also use one of three frequency ranges which are?
Low-frequency (LF) RFID is used for short-range, low-power tags and is commonly used for entry access and identification, where the tag is scanned by a nearby reader. LF RFID is not consistent around the world, meaning that tags may not meet frequency or power requirements in other countries. High-frequency (HF) RFID tags have a longer read range, up to about a meter under normal circumstances, and can communicate more quickly; HF RFID is the basis for near-field communication, and HF tags are available in read-only, write-once, and rewritable forms. The final frequency range is ultra-high-frequency (UHF) RFID, the fastest to read and with the longest range, so UHF tags are used where readers need to be further away. UHF tags have found broad use for inventory and antitheft purposes as well as many other uses where a tag that can be queried remotely from meters away is useful.
The Security+ exam considers a few of the many ways that networks can be attacked. The first of these attacks that you need to know about is the evil twin attack. An evil twin is a?
Malicious or fake access point that is set up to appear to be a legitimate, trusted network. An example shows an evil twin attack where the client wireless device has opted for the evil twin wireless access point (AP) instead of the legitimate access point. The attacker may have used a more powerful AP, placed the evil twin closer to the target, or used another technique to make the AP more likely to be the one the target associates with. Once the client connects to the evil twin, the attacker will typically provide Internet connectivity so that the victim does not realize that something has gone wrong. The attacker will then capture all of the victim's network traffic and look for sensitive data, passwords, or other information they can use. Presenting false versions of websites, particularly login screens, can give attackers who have successfully implemented an evil twin a quick way to capture credentials.
Enterprise networks rely on wireless local area network (WLAN) controllers to help?
Manage access points and the organization's wireless network. They offer additional intelligence and monitoring, allow for software-defined wireless networks, and can provide additional services, such as blended Wi-Fi and 5G wireless roaming.
When administrators and security professionals need to manage mobile devices, they frequently turn to?
Mobile device management (MDM) or unified endpoint management (UEM) tools. MDM tools specifically target devices like Android and iOS phones and tablets, whereas UEM tools bring those devices and many other types of endpoints together in a single management platform.
Organizations use a wide variety of mobile devices, ranging from phones and tablets to more specialized devices. As you consider how your organization should handle them, you need to plan your deployment and management model, whether you will use a?
Mobile device management tool, and what security options and settings you will put in place.
Cellular networks provide connectivity for?
Mobile devices like cellphones by dividing geographic areas into "cells" with tower coverage, allowing wireless communications between devices and towers or cell sites. Modern cellular networks use technologies like LTE (Long-Term Evolution) 4G and related technologies, as well as newer 5G networks, which are being steadily deployed around the world.
USB is an important connectivity method for many?
Mobile devices. Since USB is a direct cabled connection, it isn't subject to the same risks that a wireless network is, but it does come with its own concerns. One of the most significant risks that USB connectivity brings to mobile devices is that the connected device can then access the mobile device, often as a directly mounted filesystem, and may also be able to perform software or firmware updates or otherwise make changes to or gather data from the mobile device. Some organizations ban connecting to USB chargers, cables, or systems that the organization has not preapproved or issued. Some organizations will issue charge-only USB cables that allow charging but do not have the data pins connected inside the cable.
Broadcast designs send out information to many?
Nodes and typically do not care about receiving a response. GPS and broadcast radio are both examples of broadcast models.
Point-to-multipoint networks like Wi-Fi have many?
Nodes receiving the information sent by a node.
Although the security protocols and standards that a network uses are important, it is also critical to control access to the network itself. Organizations have a number of choices when it comes to choosing how they provide access to their networks. The Security+ exam outlines include three major types of authentications in modern Wi-Fi networks which are?
Open networks, which do not require authentication but often use a captive portal to gather some information from users who want to use them. Captive portals redirect traffic to a website or registration page before allowing access to the network. Open networks do not provide encryption, leaving user data at risk unless the traffic is sent via secure protocols like HTTPS. Use of preshared keys (PSKs) requires a passphrase or key that is shared with anybody who wants to use the network. This allows traffic to be encrypted but does not allow users to be uniquely identified. Enterprise authentication relies on a RADIUS server and uses an Extensible Authentication Protocol (EAP) variant for authentication, so each user authenticates with their own credentials.
WPA3 Personal provides addition protection for?
Password-based authentication, using a process known as Simultaneous Authentication of Equals (SAE). SAE replaces the preshared-key handshake used in WPA2 with an interactive exchange in which both the client and the network prove knowledge of the password. Because every password guess requires a live exchange with the network, brute-force attacks are slowed down, and an attacker who captures the handshake cannot run an offline dictionary attack against it as they can with WPA2. SAE also supports password identifiers, so a network does not have to give every user the same passphrase, which helps with usability as well. WPA3-Personal also implements perfect forward secrecy, which ensures that previously captured traffic between the client and network stays secure even if the password is later compromised.
In CYOD, models the organization?
Pays for the device and typically for the cellular plan or other connectivity. The user selects the device, sometimes from a list of preferred options, rather than bringing whatever they would like to use. In a CYOD design of this type, support is easier since only a limited number of device types will be encountered, and that can make a security model easier to establish as well. Since CYOD continues to leave the device in the hands of the user, security and management are likely to remain less standardized, although this can vary.
Bluetooth devices are usually connected in a?
Peer-to-peer rather than a client-server model.
Wireless technologies operate in one of three major models which are?
Point-to-point, point-to-multipoint, and broadcast. An example shows both a point-to-point network between two systems or devices, and a point-to-multipoint network design that connects multiple devices from a single location.
Infrared connections are most frequently used for?
Point-to-point connections between individual devices, although IR technologies that create networks and groups of devices do exist. Despite this, infrared connectivity is less frequently found in modern systems and devices, having largely been supplanted by Bluetooth and Wi-Fi.
802.1X is an IEEE standard for port-based network access control and is used for both wired and wireless devices. In wireless networks, 802.1X is used to integrate with RADIUS servers, allowing enterprise users to authenticate and gain access to the network. Additional actions can be taken based on information about the users, such as placing them in groups or network zones, or taking other actions based on attributes once the user has been authenticated. Enterprise Wi-Fi networks rely on IEEE 802.1X and various versions of EAP; EAP is carried by 802.1X as part of the authentication process when devices authenticate to a RADIUS server. There are many EAP variants because EAP was designed to be extended, as the name implies. Here are common EAP variants that you should be aware of which are?
Protected Extensible Authentication Protocol (PEAP) authenticates the server using a certificate and wraps the inner EAP exchange in a TLS tunnel to keep it secure. Each device then receives its own per-session encryption keys; older WPA networks rotated those keys with Temporal Key Integrity Protocol (TKIP), which is now deprecated in favor of WPA2/WPA3's CCMP and GCMP ciphers.
Flexible Authentication via Secure Tunneling (EAP-FAST) is a Cisco-developed protocol that addressed vulnerabilities in Lightweight Extensible Authentication Protocol (LEAP). EAP-FAST is focused on providing faster reauthentication while devices are roaming. It works around the public key exchanges that slow down PEAP and EAP-TLS by using a shared secret (symmetric) key for reauthentication, and it can use either preshared keys or dynamic keys established using public key authentication.
Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) implements certificate-based authentication as well as mutual authentication of the device and network. It uses certificates on both the client and the network to generate the keys that are then used for communication. EAP-TLS is used less frequently because of the challenge of deploying and managing certificates on large numbers of client devices.
EAP-Tunneled Transport Layer Security (EAP-TTLS) extends EAP-TLS and, unlike EAP-TLS, does not require client devices to have a certificate to create a secure session. This removes the overhead and management effort that EAP-TLS requires to distribute and manage endpoint certificates while still providing TLS protection for devices. A concern for EAP-TTLS deployments is that EAP-TTLS can require additional software to be installed on some devices, whereas PEAP, which provides similar functionality, does not. EAP-TTLS does support some less secure inner authentication mechanisms, meaning there are times when it may be implemented due to specific requirements.
Whichever tunneled variant is used, the client must validate the RADIUS server's certificate (the issuing CA and the server name); a client that skips this will happily build its tunnel to an evil twin's RADIUS server and hand over its inner credentials.
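The server-validation caveat is where most real-world enterprise Wi-Fi deployments go wrong, and it ties the EAP card to the evil twin card in this set: an attacker running an evil twin with their own RADIUS server can only harvest PEAP/EAP-TTLS credentials if the client accepts an untrusted server certificate. The following is an added example, not code from the book, wpa_supplicant, or any RADIUS vendor: it embeds two constructed wpa_supplicant network blocks, one weak and one hardened (the SSID, identity, password, CA path and RADIUS hostname are made up), parses them with a minimal parser, and audits each block for the settings that prevent credential theft. The option names (ca_cert, domain_suffix_match, domain_match, altsubject_match, subject_match, client_cert, private_key, ieee80211w) are real wpa_supplicant configuration keys; the finding messages and the rule set are assumptions chosen for the example.

```python
import re

# Constructed configs: the weak one connects to any RADIUS server that speaks
# PEAP; the hardened one pins the CA, checks the server name and requires PMF.
WEAK_CONF = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    phase2="auth=MSCHAPV2"
}
"""

HARDENED_CONF = """
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    password="example-only"
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/certs/corp-radius-ca.pem"
    domain_suffix_match="radius.corp.example"
    ieee80211w=2
}
"""

def parse_networks(conf: str):
    """Minimal parser for wpa_supplicant 'network={ ... }' blocks -> list of dicts."""
    blocks = []
    for body in re.findall(r"network=\{(.*?)\}", conf, re.S):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            net[key.strip()] = value.strip().strip('"')
        blocks.append(net)
    return blocks

TUNNELED = {"PEAP", "TTLS"}                       # inner credentials ride inside TLS
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def audit_network(net: dict):
    """Return (ssid, finding) tuples for an enterprise (802.1X/EAP) network block."""
    findings = []
    ssid = net.get("ssid", "?")
    if net.get("key_mgmt", "").upper() != "WPA-EAP":
        return findings                           # rules below apply to EAP networks only
    eap = net.get("eap", "").upper()
    if not net.get("ca_cert"):
        findings.append((ssid, "no ca_cert: the RADIUS server certificate is not validated"))
    if eap in TUNNELED and not any(k in net for k in NAME_CHECKS):
        findings.append((ssid, "no server-name match: any certificate from the CA is accepted"))
    if eap == "TLS" and not (net.get("client_cert") and net.get("private_key")):
        findings.append((ssid, "EAP-TLS block without client_cert/private_key"))
    if net.get("ieee80211w") != "2":
        findings.append((ssid, "ieee80211w is not 2: protected management frames not required"))
    return findings

def audit(conf: str):
    return [f for net in parse_networks(conf) for f in audit_network(net)]

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```

The weak block produces three findings and the hardened block none. The second rule matters even when ca_cert is set: if the trusted CA is a public one, anybody can obtain a certificate from it, so the client must also check that the certificate names your RADIUS server. Managed devices should receive these settings from the MDM/UEM profile rather than relying on users to accept a certificate prompt.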
Unlike the other wireless technologies, infrared (IR) connections only work in line of sight. IR networking specifications support everything from very low bandwidth modes to gigabit speeds, including?
SIR, 115 Kbit/s
MIR, 1.15 Mbit/s
FIR, 4 Mbit/s
VFIR, 16 Mbit/s
UFIR, 96 Mbit/s
GigaIR, 512 Mbit/s-1 Gbit/s
Bluetooth is a?
Short-range wireless standard. Like Wi-Fi and many other technologies, it operates in the 2.4 GHz range, which is used for many different wireless protocols. Bluetooth is primarily used for low-power, short-range (less than 100 meters and typically 5-30 meters) connections that do not have very high bandwidth needs.
Despite years of use of Bluetooth in everything from mobile devices to medical devices, wearables, and cars, the security model for Bluetooth has not?
Significantly improved. Therefore, your best option to secure Bluetooth devices is to turn off Bluetooth if it is not being used or absolutely needed, and to leave it off except when in use. In addition, if devices allow a pairing code to be set, change it from the default pairing code, and install all patches for Bluetooth devices. Unfortunately, this will still leave many vulnerable devices, particularly those that are embedded or no longer supported by the software or hardware manufacturer.
An important part of designing a wireless network is to conduct a?
Site survey. Site surveys involve moving throughout the entire facility or space to determine what existing networks are in place and to look at the physical structure for the location options for your access points. In new construction, a network design is often included in the overall design for the facility. Since most deployments are in existing structures, however, walking through a site to conduct a survey is critical.
Secure wireless networks designs take existing networks and physical spaces into account by?
Site surveys include physical tours of a facility using tools that can identify existing wireless networks and access points as well as signal strengths and other details that help map the location. Network designs take into account channel spacing, access point placement, and even the composition of the building when placing access points.
Dedicated mobile security technologies can provide specialized capabilities by?
Specialized hardware and software can add features and capabilities to mobile devices. Test takers need to be familiar with mobile hardware security modules, including those that use a microSD card form factor to provide cryptographic capabilities for mobile devices. SEAndroid, a version of SELinux for Android, allows Android devices to implement mandatory access control (MAC) in similar ways to what SELinux provides for other Linux distributions. Android devices using SEAndroid can enforce security policies more effectively, including default-deny policies and separation of filesystem and application environments.
Bluetooth impersonation attacks (BIAS) take advantage of weaknesses in the Bluetooth?
Specification, which means that all devices that implement Bluetooth as specified are likely to be vulnerable to them. They exploit a lack of mutual authentication, authentication procedure downgrade options, and the ability to switch roles. Although BIAS attacks had not been seen in the wild as of May 2020, information about them has been published, leading to widespread warnings that exploits were likely to be developed.
Determining which channels your access points will use is also an important?
Step. In the 2.4 GHz band each channel is 20 MHz wide, but channel center frequencies are only 5 MHz apart. There are 11 channels for 2.4 GHz Wi-Fi deployments in the United States, so most of them overlap within the roughly 100 MHz of spectrum allocated. In most uses this means that channels 1, 6, and 11, the only set of three that do not overlap, are used when it is possible to control channel usage in a space so that there is no overlap, and thus no interference, between nearby access points. In dense urban areas, or areas where other organizations may have existing Wi-Fi deployments, overlaying the channels already in use onto your heatmap will help determine which channel each access point should use. An example shows the 2.4 GHz channels in use in North America, with regions that support channels 12 and 13 in addition to the 11 channels U.S. networks use. Note the overlap between channels, which causes interference if access points within reach of each other use overlapping channels.
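The channel arithmetic and the planning step it feeds are small enough to code. This is an added example, not code from the book or from any site-survey tool: it computes 2.4 GHz center frequencies (2407 + 5n MHz for channels 1 to 13, 2484 MHz for channel 14), derives the non-overlapping set from them, and then assigns channels to access points from a neighbor map of the kind a site-survey heatmap yields. The interference rule (centers closer than 25 MHz interfere, so bands that touch count as well as bands that overlap), the greedy most-constrained-first assignment, and the two floor plans are assumptions constructed for the example.

```python
def channel_center_mhz(channel: int) -> int:
    """2.4 GHz center frequencies: 2407 + 5*n MHz for channels 1-13, 2484 MHz for 14."""
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    if channel == 14:
        return 2484
    raise ValueError(f"not a 2.4 GHz channel: {channel}")

def channels_interfere(a: int, b: int, min_separation_mhz: int = 25) -> bool:
    """Assumption: two 20 MHz channels interfere when their centers are less than
    25 MHz apart, i.e. when the bands overlap or touch. This conservative rule is
    what leaves 1/6/11 as the clean set in the 11-channel U.S. allocation."""
    return abs(channel_center_mhz(a) - channel_center_mhz(b)) < min_separation_mhz

def non_overlapping_set(channels=range(1, 12)):
    """Greedy: walk upward, keeping each channel that does not interfere with
    anything already kept. For channels 1..11 this yields [1, 6, 11]."""
    chosen = []
    for c in channels:
        if all(not channels_interfere(c, k) for k in chosen):
            chosen.append(c)
    return chosen

def plan_channels(neighbors: dict, palette=(1, 6, 11)):
    """neighbors: {ap: set(of APs whose coverage overlaps it)} from the survey.
    Assigns most-constrained APs first; when every palette channel is already
    taken by a neighbor, reuses the least-used one and records the conflict."""
    assignment, conflicts = {}, []
    for ap in sorted(neighbors, key=lambda a: -len(neighbors[a])):
        used = [assignment[n] for n in neighbors[ap] if n in assignment]
        free = [c for c in palette if c not in used]
        if free:
            assignment[ap] = free[0]
        else:
            assignment[ap] = min(palette, key=used.count)
            conflicts.append(ap)
    return assignment, conflicts

def interference_pairs(assignment: dict, neighbors: dict):
    """Verify a plan: return neighboring AP pairs that sit on interfering channels."""
    pairs = set()
    for ap, nbrs in neighbors.items():
        for n in nbrs:
            if channels_interfere(assignment[ap], assignment[n]):
                pairs.add(tuple(sorted((ap, n))))
    return sorted(pairs)

# Constructed survey data: a corridor of four APs, each hearing only its immediate
# neighbors, and an open-plan floor where four APs all hear one another.
CORRIDOR = {"AP1": {"AP2"}, "AP2": {"AP1", "AP3"}, "AP3": {"AP2", "AP4"}, "AP4": {"AP3"}}
OPEN_FLOOR = {a: {b for b in "ABCD" if b != a} for a in "ABCD"}

if __name__ == "__main__":
    print("non-overlapping:", non_overlapping_set())
    for name, floor in (("corridor", CORRIDOR), ("open floor", OPEN_FLOOR)):
        plan, conflicts = plan_channels(floor)
        print(name, plan, "conflicts:", conflicts, "interfering:", interference_pairs(plan, floor))
```

The corridor plans cleanly by alternating channels; the open floor cannot, because four mutually audible APs need four non-overlapping channels and 2.4 GHz only offers three. That is the point at which a survey result pushes you toward lowering transmit power, moving an AP, or serving that area on 5 GHz rather than adding another 2.4 GHz radio.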
Because of their small size and flexible form factor, RFID tags can be embedded in?
Stickers, small implantable chips like those used to identify pets, and devices like tollway tags. RFID tags can be attacked in a multitude of ways, from simple destruction or damage of the tag so that it cannot be read, to modification of tags, some of which can be reprogrammed. Tags can be cloned, modified, or spoofed; readers can be impersonated; and traffic between tag and reader can be captured.
WPA3-Enterprise provides?
Stronger encryption than WPA2, with an optional 192-bit mode, and adds authenticated encryption and additional controls for deriving and authenticating keys and for encrypting network frames. WPA3 thus offers numerous security advantages over existing WPA2 networks.
Radio frequency identification (RFID) is a relatively short-range (from less than a foot of some passive tags to about 100 meters for active tags) wireless technology that uses a?
Tag and a receiver to exchange information.